Creating a database credentials secret type

Reviewed on 05 April 2024 • Published on 05 April 2024

This documentation shows you how to create a database credentials secret type, with a version matching this type, using the Secret Manager API.

Before you start

To complete the actions presented below, you must have:

A Scaleway account logged into the console
Owner status or IAM permissions allowing you to perform actions in the intended Organization
A valid API key

Open a terminal and run the following command to create your database credentials secret type. Make sure that you replace $SECRET_KEY and $SCW_PROJECT_ID with your own values.

    curl -q \
      -H "X-Auth-Token: $SECRET_KEY" \
      -H 'Content-Type: application/json' \
      -X POST \
      -d '{
            "name": "my-secret",
            "project_id": "'$SCW_PROJECT_ID'",
            "type": "database_credentials"
      }' \
      https://api.scaleway.com/secret-manager/v1beta1/regions/fr-par/secrets

Run the following command to encode the content of your secret version in bytes. Make sure that you add your own values.

echo '{
    "engine": "mysql",
    "username": "username",
    "password": "my-super-secure-password",
    "host": "<instance host name/resolvable DNS name/IP address>",
    "dbname": "my-database",
    "port": "8080"
}' | base64

An output similar to the following should display:

ewogICAgImVuZ2luZSI6ICJteXNxbCIsCiAgICAidXNlcm5hbWUiOiAidXNlcm5hbWUiLAogICAgInBhc3N3b3JkIjogIm15LXN1cGVyLXNlY3VyZS1wYXNzd29yZCIsCiAgICAiaG9zdCI6ICI8aW5zdGFuY2UgaG9zdCBuYW1lL3Jlc29sdmFibGUgRE5TIG5hbWU+IgogICAgImRibmFtZSI6ICJteS1kYXRhYmFzZSIsCiAgICAicG9ydCI6ICI4MDgwIgp9

Run the following command to create a secret version matching your database_credentials secret type. Make sure that you add your own values and that you paste the output from the step above in the data field.

    curl -q \
      -H "X-Auth-Token: $SECRET_KEY" \
      -H 'Content-Type: application/json' \
      -X POST \
      -d '{
            "data": "ewogICAgImVuZ2luZSI6ICJteXNxbCIsCiAgICAidXNlcm5hbWUiOiAidXNlcm5hbWUiLAogICAgInBhc3N3b3JkIjogIm15LXN1cGVyLXNlY3VyZS1wYXNzd29yZCIsCiAgICAiaG9zdCI6ICI8aW5zdGFuY2UgaG9zdCBuYW1lL3Jlc29sdmFibGUgRE5TIG5hbWU+IgogICAgImRibmFtZSI6ICJteS1kYXRhYmFzZSIsCiAgICAicG9ydCI6ICI4MDgwIgp9",
            "description": "my-secret-description",
      }' \
      https://api.scaleway.com/secret-manager/v1beta1/regions/fr-par/secrets/{secret_id}/versions

Secret types and JSON formats expected

You can create the other following secret types using the Scaleway Secret Manager API:

Basic credentials type: allows you to set a username (optional) and a password
Database credentials type: allows you to set an engine, username, password, host, database name, and port.
Key/value type: allows you to set as many first-level keys and scalar types as values (string, numeric, boolean) as you need.
SSH key type: allows you to set an SSH key

The following table provides information about the expected values for each secret type.

Secret type	Value	JSON sample
Basic credentials	basic_credentials	`{"username": "<username>", "password": "<password>"}`
Database credentials	database_credentials	`{"engine": "mysql", "username": "username", "password": "my-super-secure-password", "host": "<instance host name/resolvable DNS name>", "dbname": "my-database", "port": "8080"}`
Key/value	key_value	`{"key": "value", "toto": "titi"}`
SSH key	ssh_key	`{"ssh_private_key": "<ssh-private-key>"}`